AlertingException[analyzer [rule_analyzer] has not been configured in mappings]

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

opensearch-2.5.0-1.x86_64

Describe the issue:

Getting this every 15 minutes in the log:

Mar 01 15:35:56 systemd-entrypoint[792]: uncaught exception in thread [DefaultDispatcher-worker-4]
Mar 01 15:35:56 systemd-entrypoint[792]: AlertingException[analyzer [rule_analyzer] has not been configured in mappings]; nested: Exception[java.lang.IllegalArgumentException: analyzer [rule_analyzer] has not been configured in mappings];
Mar 01 15:35:56 systemd-entrypoint[792]:         at org.opensearch.alerting.util.AlertingException$Companion.wrap(AlertingException.kt:70)
Mar 01 15:35:56 systemd-entrypoint[792]:         at org.opensearch.alerting.util.DocLevelMonitorQueries.updateQueryIndexMappings(DocLevelMonitorQueries.kt:359)
Mar 01 15:35:56 systemd-entrypoint[792]:         at org.opensearch.alerting.util.DocLevelMonitorQueries.access$updateQueryIndexMappings(DocLevelMonitorQueries.kt:41)
Mar 01 15:35:56 systemd-entrypoint[792]:         at org.opensearch.alerting.util.DocLevelMonitorQueries$updateQueryIndexMappings$1.invokeSuspend(DocLevelMonitorQueries.kt)
Mar 01 15:35:56 systemd-entrypoint[792]:         at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
Mar 01 15:35:56 systemd-entrypoint[792]:         at kotlinx.coroutines.DispatchedTask.run(Dispatched.kt:285)
Mar 01 15:35:56 systemd-entrypoint[792]:         at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:594)
Mar 01 15:35:56 systemd-entrypoint[792]:         at kotlinx.coroutines.scheduling.CoroutineScheduler.access$runSafely(CoroutineScheduler.kt:60)
Mar 01 15:35:56 systemd-entrypoint[792]:         at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:742)
Mar 01 15:35:56 systemd-entrypoint[792]: Caused by: java.lang.Exception: java.lang.IllegalArgumentException: analyzer [rule_analyzer] has not been configured in mappings
Mar 01 15:35:56 systemd-entrypoint[792]:         ... 9 more

Configuration:

rpm install. I attempted to set up security analytics, but then tried to remove any configuration. I suspect something is left over.

Also, I don’t know why the journal is reporting the process name as “systemd-entrypoint”. It is the opensearch process.

Hey @opoplawski

Curious, have you tried to execute a re-install of the OpenSearch package? If not, ensure you save config files that are needed.

Sometimes a re-install might place back what was deleted/needed. Just an idea.